Introduction:
sfick - simple file integrity checker - is a utility to assist in the
process of verifying the integrity of key files on any given GNU/Linux
or Unix system.
For best results, the DataGather process should be performed
immediately following the time of origination for any files that the
user wishes to gather verification data for. That is, for gathering
verification data for various important system programs (netstat, ls,
cd, rm, etc.) the DataGather process should be performed immediately
after install prior to network connectivity being initialized. This
will lessen the chances of these files being compromised prior to the
verification data being gathered.

List of files:
DataGather.java : DataGather Program - Java.
integritycheck.pl : Integrity Verification Script - Perl.

Instructions for use (read this before the installation instructions):
1) DataGather: The purpose of this step is to allow the user to
decide which files they might want to verify the integrity of in the
future. Given the names and locations of all the files selected by the
user, backup copies and md5 checksums of the files are saved into a
temporary directory. The configuration file, which will be used later
by the integrity verification program, is also generated at this time.
All of this gathered information is to be burned onto a write-once
CD-ROM (commonly referred to as a CD-R).
NOTE: Prior to writing the data to the write-once media, the user must
change the permissions of the copied integritycheck.pl program to
allow the program to be executed. For example, on Linux, if the newly
created temporary directory is "tmp/", the permissions of
"tmp/integritycheck.pl" must be modified as follows:
"chmod +x tmp/integritycheck.pl"
The files in "tmp/" are now ready to be archived to the desired
write-once media.
2) Move all of the files created/gathered by the DataGather process to
a write-once CD-ROM (CD-R) or other write-once media (the write-once
property helps preserve the integrity of the backed-up files).
On Linux systems this can be accomplished using various programs, such
as cdrecord (see man cdrecord). Windows users also have various options
available to perform this task.
3) Sometime in the future, say, when the user suspects they might have
had a system compromise, the integrity verification process takes
place. Simply mount the write-once media from step 2, change the
working directory to the root directory on that media, and execute the
command "./integritycheck.pl". The integrity checker will then examine
the current files (those local files currently in use by the user) and
compare the newly computed MD5 checksums of those files to the stored
MD5 checksums of the archived files (those files backed up to the
write-once media in step 2). If the checksums differ, the user will be
asked if they wish to restore the modified local file with the original
archived file.
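
Added example (not part of sfick and not the author's code): a Python
version of the gather, verify and restore flow described in steps 1 and
3, run against constructed stand-in files. The manifest file name, its
tab-separated layout and the function names are assumptions made for
illustration; sfick's own configuration file format is not shown in
this README.

```python
import hashlib, os, shutil, tempfile
MANIFEST = "manifest.txt"  # assumed name and layout, not sfick's real configuration file

def md5_of(path):
    """MD5 hex digest of a file, read in chunks (MD5 because the README's tool uses it)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def gather(paths, archive_dir):
    """Step 1: back up each file and record 'md5<TAB>backup name<TAB>original path'."""
    os.makedirs(archive_dir, exist_ok=True)
    with open(os.path.join(archive_dir, MANIFEST), "w") as m:
        for i, p in enumerate(paths):
            backup = f"{i}_{os.path.basename(p)}"  # index prefix avoids name clashes
            shutil.copy2(p, os.path.join(archive_dir, backup))
            m.write(f"{md5_of(p)}\t{backup}\t{os.path.abspath(p)}\n")

def verify(archive_dir, restore=False):
    """Step 3: map each original path to 'ok', 'modified', 'missing' or 'restored'."""
    results = {}
    with open(os.path.join(archive_dir, MANIFEST)) as m:
        for line in m:
            stored, backup, original = line.rstrip("\n").split("\t")
            status = ("missing" if not os.path.exists(original)
                      else "ok" if md5_of(original) == stored else "modified")
            if status != "ok" and restore:  # sfick asks the user before restoring
                shutil.copy2(os.path.join(archive_dir, backup), original)
                status = "restored"
            results[original] = status
    return results

def demo():
    """Constructed sample: three stand-in files, one modified and one deleted."""
    root = tempfile.mkdtemp()
    archive = os.path.join(root, "archive")
    files = [os.path.join(root, n) for n in ("ls", "netstat", "rm")]
    for f in files:
        with open(f, "w") as fh:
            fh.write("original contents of " + os.path.basename(f))
    gather(files, archive)
    with open(files[1], "a") as fh:
        fh.write(" plus an unexpected change")  # simulated tampering
    os.remove(files[2])                         # simulated deletion
    return [list(verify(archive, restore=r).values()) for r in (False, True, False)]

if __name__ == "__main__":
    print(demo())
```

The three passes in demo() are a plain check, a check with restore
enabled, and a final check confirming the restored files match again.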

Instructions for compiling/installing:
The DataGather Java GUI requires Java 2 Platform, Standard Edition
(J2SE) version 1.4.2 or greater -- available at http://java.sun.com/
To compile DataGather.java, enter the command: "javac DataGather.java"
To start the DataGather GUI, enter the command: "java DataGather"
The integrity checker (integritycheck.pl) requires Perl 5.8.3
(available at www.perl.com) and the Digest-MD5 module by Gisle Aas and
Neil Winton (available at http://www.cpan.org/authors/id/G/GA/GAAS/).
To execute integritycheck.pl, first ensure that the file has executable
permissions. If not, use the command "chmod +x integritycheck.pl" to
set execute permissions; this has to be done before the file is written
to the write-once media (see the NOTE in step 1). To execute the
program, enter the command "./integritycheck.pl" from the root
directory on the write-once media containing the archived files. A copy
of integritycheck.pl is placed on the media along with the archived
files (DataGather copies it into the temporary directory in step 1).

Problems:
If any of the programs fail to compile or execute, make sure the
required versions of Java and Perl are installed with the appropriate
modules (listed above in the compiling/installing instructions).
If integritycheck.pl fails with an error such as
"Command not found", do the following:
1) Find out where the perl interpreter is installed with the
"which" command as follows: "which perl"
2) Open integritycheck.pl in your favorite text editor and change
the very top line from "#!/usr/bin/perl" to "#!PERL_PATH" where
PERL_PATH is the path where perl has been installed (learned in
step 1).
Note: Some system administrators may have multiple versions of Perl
installed. If problems persist, contact your system administrator
for assistance in locating the correct version.